Category Archives: Onapsis

Free SAP-Certified Vulnerability Scan

SAP platforms are among the highest-priority targets for cyber-criminals and intruders. Many organizations are already taking proactive steps to secure their platforms by performing security assessments to identify and mitigate vulnerabilities.

Onapsis, in conjunction with Davatec Consulting, is offering a free, one-time, one-instance vulnerability scan of your SAP environment using Onapsis X1, the industry’s first SAP-certified solution for automated security assessments of SAP platforms. The results of the scan will give you visibility into the challenge your organization faces in securing its SAP platforms.

Segregation of duties (SoD), as a security principle, is designed primarily to prevent fraud and errors. This objective is achieved by distributing the tasks and associated privileges for a specific business process among multiple users. A common example of this principle is requiring two signatures to validate a cheque.

For several years, the auditing and IT security industries have considered the deployment of SoD controls to be enough to enforce the security of SAP systems. As a result, when many professionals today use the term 'SAP Security', they are discussing only the processes of creating and managing the SAP roles and profiles that are assigned to an organization’s users to restrict their activities over the business information.

While these controls are of absolute importance to the overall security of the SAP landscape, there are many other threats that are overlooked and involve much higher levels of risk: the security vulnerabilities in the technological components that make up SAP platforms (business runtime).

According to a study conducted by the CERT Coordination Center at Carnegie Mellon University, 99% of intrusions result from two factors: exploitation of known vulnerabilities (for which there are patches or corrective countermeasures) and configuration errors.

While SAP reacts rapidly to newly discovered security weaknesses by releasing patches, and provides security guidelines for configuring systems securely, many organizations still have a hard time keeping all of their business-critical platforms protected against these threats.

Download the entire whitepaper or contact us for more information:

The Challenge
As part of its information security strategy, Siemens continuously performs security assessments and penetration tests of its IT assets. As a Senior Information Security Expert at the Computer Emergency Response Team (CERT) at Siemens, Robert Ingruber was aware that the organization's numerous SAP systems, which contain the organization's most sensitive data, were not fully tested and assessed. While the operating systems and databases running the SAP platform were being evaluated with the rest of the IT infrastructure, the SAP application itself was mostly addressed at the top business-logic layer.